^AO120rRev.2/99) 


TO; Mail Stop 8 


REPORT ON THE 


Director of the U.S. Patent & Trademark Office 


FILING OR DETERMINATION OF AN 


P.O. Box 1450 


ACTION REGARDING A PATENT OR 


Alexandria, VA 22313-1450 


TRADEMARK 



In Compliance with 35 § 290 and/or 15 U.S.C. § 1 1 16 you are hereby advised that a court action has been 
filed in the U.S. District Court Northern District of California on the following ✓ Patents Of □ Trademarks: 



DOCKET NO. 

CV 10-01325 EMC 


DATE FILED 

3/29/10 


U.S. DI 
4. 


STRICT COURT 

SO Golden Gate Avenue, P.O. Box 36060, San Francisco, CA 94102 


PLAINTIFF 

TELECONFERENCE SYSTEMS LLC 


DEFENDANT 

TANDBERG INC 


PATENT OR 
TRADEMARK NO. 


DATE OF PATENT 
OR TRADEMARK 


HOLDER OF PATENT OR TRADEMARK 


1 see Complaint 












3 






4 






5 







In the above — entitled case, the following patent(s) have been included: 



DATE INCLUDED 


INCLUDED BY 

□ Amendment □ Answer □ Cross Bill □ Other Pleading 


PATENT OR 
TRADEMARK NO. 


DATE OF PATENT 
OR TRADEMARK 


HOLDER OF PATENT OR TRADEMARK 


1 






2 






3 






4 






5 







In the above — entitled case, the following decision has been rendered or judgement issued: 
DECISION/JUDGEMENT 





CLERK 

Richard W, Wieking 


(BY) DEPUTY CLERK 

Sheila Rash 


DATE 

April 1,2010 



Copy 1 — Upon initiation of action, mail this copy to Commissioner Copy 3— Upon termination of action, mail this copy to Commissioner 
Copy 2 — Upon filing document adding patent(s), mail this copy to Commissioner Copy 4 — Case file copy 



Exhibit A 



IIHIiiillMilflillll 



(12) United States Patent 

Jang et al. 



(10) Patent No.: US 6,980,526 B2 
(45) Date of Patent: Dec. 27, 2005 



(54) MULTIPLE SUBSCRIBER 

VIDEOCONFERENCING SYSTEM 

(75) Inventors: Saqib Jang, Woodsicic, CA(US); Mark 
Kent, Los Altos Hills, CA (US) 

(73) Assignee: Maigalla Communications, Inc., 
Woodside, CA (US) 

( * ) Notice: Subject to any disclaimer, the term of this 
patent is extended or adjusted under 35 
U.S.C. 154(b) by 917 days. 

(21) AppJ. No.: 09/819,548 

(22) Filed: Mar. 26, 2001 

(65) Prior Ihiblication Data 

US 2001/0043571 Al Nov. 22, 2001 

Related U*S. Application Data 

(GO) Provisional application No. 60/1 9 1,8 J 9, filed on Mar 
24, 2000. 

(51) Intel/ H04L 12/16 

(52) U.S. CI. 370/260; 370/352; 370/401 

(58) Field of Search 370/260,261, 

370/262, 264, 265, 351, 352, 353, 354. 401, 
370/402, 494, 495 

(56) References Cited 

U.S. PAlWr DOCUMENTS 

5,838,664 A 11/1998 Pobmski 

5.867.494 A 2/1999 KrLshnaswamy el aL 

5.867.495 A 2/1999 Elliott ct al. 

5,903,302 A * 5/1999 Hrowningctal 348/14.08 

5,999,525 A 12/1999 Krishnaswamy et al. 

5,999,966 A * 12/1999 McDougall et al 709/204 

6,025,870 A * 2/2000 Hardy 348/14.1 

6,078,810 A * 6/2000 Olds et al 455/428 

6,097,719 A g/2000 Benash et al. 



6,147,988 A U/2000 Bartholomew et al. 

6,157,401 A 12/2000 AWryaman 

6,188,687 Bl * 2/2001 Mussman e( al 370/388 

6,205,135 Bl 3/2001 Chinm ct al. 

6,262,978 Bl * 7/2001 Bnino ct al 370/260 

6,373,850 Bl " 4/2002 Lecourtier et al 370/409 

OTHER PUBLICAnONS 

"Next Generation IP Conferencing Services" Ridgeway 

Systems & Software white paper, 1999. 

James Toga and Hani ElGebaly, "Demystifying Muitimedia 

Conferencing Over the Internet Using the H.323 Set of 

Standards," Intel Technology Journal Q2 '98^ pp. 1-11. 

www.teleconferencemag.com/html/issues/issucs2000/ 

dec__20(JO/1200vicw.htral, Dec. 2000. 

www.tcleconfcrcncemag.com/html/issucs/issucs2000/ 

dcc„2(KK)/1200vicw.html, Nov. 2000. 

www.icleconfcrcnccmag.com/html/issues/issues2000/ 

dec_.2000/1200 vicw.html, Oct. 2000. 

(Continued) 

Primary Examiner — Phirin Sam 

(74) Attorney, Agent, or /'Yrm— Aileman Ilali McCoy 
Russell & iuttle LLP 

(57) ABSTRACT 

A system, method, and device for use in videoconferencing, 
'llie method typically includes installing a videoconferenc- 
ing services switch at an access point to an IP network, and 
registering a plurality of subscribers for videoconferencing 
services. Each subscriber typically has a plurality of end- 
points. 'ITie method further includes receiving subscriber- 
specific settings to be applied to muhiple videoconferencing 
calls from the plurality of endpoints associated with each 
subscriber. The method further includes storing the sub- 
scriber-specific .sellings at a location accessible to the 
switch, and configuring the switch to connect calls from the 
plurality of endpoints al each subscriber based on the 
corresponding subscriber-specific settings. 

26 Claims, 10 Drawing Sheets 




us 6,980^26 B2 

Page 2 



OTHER PUBLICAHONS 

wviavi]..JJ20„00.html?printVeision=l&xiiilFileDamc=2()00 
Mayll274 

&storyId=27, May 2000. 
biz.yahoo,com/pmewsy010207/ca_jDlerna.html. 
"Multiprotocol Label Switching Architecture," ftp.isi.edu/ 
in-notes/rfc3031.txt, Jan. 2001. 

"BGP/MPLS VPNs," ftp.isi.edu/in-notes/rfc2547.txt, Jan. 
2001. 

"Firewall Vulnerability and Network Protection for Stream- 
ing and Emerging UDP Applications," Networking Systems 
Laboratory NHC USA, Inc., Aug. 2000. 



"High Performance H.323 Firewailing for VoIP Solutions." 
Aravox Technologies. 

"IP Service Intelligence at the Edge," Copper Mountain 
Networks, Inc. nn6 Spring Tide Networks, Inc. 
"IP and Frame Relay: Bridging the Gap for Seamless and 
Secure Virtual Private Networking,** CoSine Communica- 
tions white paper. 

"H.323 and Firewalls: Problem Statement and Solution 
Framework,'* ftp.yars.free.nct/pub/doc/Drafts/draft-shore- 
h323-firewaUs-00.txt .gz, Feb. 3, 2000. 
"11323 and Firewalls: The problems and pitfalls of getting 
H.323 safely through firewalls," Intel Corporation, Revision 
2.0, Mar 21, 2001. 

* cited by examiner 



U.S. Patent Dec 27, 2005 sheet 1 of 10 US 6,980^26 B2 




U.S. Patent Dec. 27, 2005 



Sheet 2 of 10 



US 6,980^26 B2 



(M 




CM 



U.S. Patent Dec. 27, 200s 



Sheet 3 of 10 



US 6,980^26 B2 




U.S. Patent Dec 27, 2005 sheet 4 of 10 US 6,980^26 B2 




U.S. Patent Dec. 27, 2005 sheet 5 of 10 



US 6,980,526 B2 



VIDEOCONFERENCfNG SERVICES SWITCH 12 ->s 
\ 



420 



FROM 
413 



418 

FROM 
A 



QUALITY OF SERVICE 
MODULE 



MPLS TRAFFIC 
ENGIN EERING 



BANDWIDTH 
MANAGEMENT 
406f - j SETTINGS | 



DIFF-SERV 



4Q8 H SETTINGS t 



iP OVE R ATM 
408!(- fSErTit^GS( 



VIDEO 

TRANSMISSION 
ANALYSIS 

"^^^ ^ SETTINGS! 



POLICY ENGINE 



SUBSCRIBER 
SPECIFIC SEHINGS 



USER SPECIFIC 
SEHINGS 



422 



424 



426 



428 



430 



408f 



408g 



SECURiTY MODULE 



S1PR323 FIREWALL 
|SETTING"S1 
^^432 



SIP/H.323 
3DU 

1 SETTINGS! 



NATMODULE^408[ 



434 



ENCRYPTION 
MODULE 



i SETTINGS I 



436 



VIRTUAL PRIVATE 
NETWORK y408p 

ISETTINGT] 
^438 



431 



\ 



. 

FROM 
36, 236 

402 



\ 



\ 



VfOEOCONFERENCfNG 
SERVICES MANAGEMENT APP 



SETTINGS 



IMAGE 



DATABASE 



408 
406 



404 



FIG. 4B 



U.S. Patent Dec, 27, 2005 sheet 6 of 10 US 6,980,526 B2 



INSTALL VIDEOCONFERENCING 
SERVICES SWITCH AT ACCESS POINT TO 
INTERNET PROTOCOL (IP) NETWORK 



REGISTER SUBSCRIBERS FOR IP 
VIDEOCONFERENCING SERVICES 



502 



504 



RECEIVE SUBSCRIBER-SPECIFIC 
SETTINGS TO BE APPLIED TO MULTIPLE 
VIDEOCONFERENCING CALLS 



^ 506 



STORE SUBSCRfBER-SPECfFlC SETTINGS 
AT LOCATION ACCESSIBLE TO SWITCH 



508 



500 



CONFIGURE SWITCH TO CONNECT 
CALLS BETWEEN SUBSCRIBERS BASED 
ON CORRESPONDING SUBSCRIBER- 
SPECinc SETTINGS 



RECEIVE AND PROCESS CALL 
{ RECEIVE CALL CONNECTION ^, 



REQUEST 

CONNECT REQUESTED CALL, 
USING H.323/SIP PROTOCOL 

ZZZZ'iZZZZ 

MONITOR CALL 

RECEIVE CALL 
TERMINATION REQUEST 

ZZZZ^ZZZZ 

LOG CALL RECORD 



V" 



I-- 



510 



'512 

514 

/ 

516 

y 

518 

/ 

520 

/ 

522 

/ 



U.S. Patent Dec. 27, 2005 sheet 7 of 10 US 6,980,526 B2 



CONFIGURE TUNNELING MODULE 

( " createTpsecTunneT i 

I BETWEEN SWITCH AMD p- 
ENTERPRISE VIDEO GATEWAY J 



604 

/ 



CONFIGURE VIRTUAL ROUTER (VR) 



606 



CREATE VR WITHIN ' 
SWITCH FOR SUBSRIBER T 



CONFIGURE ROUTING ' 
SERVICES FOR SUBSCRIBER T 



CONFIGURE CALL CONTROL MODULE 

^ CONFiGURE'H.323 ] 
I GATEKEEPER AND/OR 



V, SIP PROXY FOR SUBSCRIBER 



r 





r 


CONFIGURE SECURI-fY MODULE 






\ CONFIGURE QUALITY ^ 
^ OF SERVICE MODULE 






CONFIGURE USER-SPECIFIC ^ 

AND SUBSCRIBER-SPECIFIC 

, SETTINGS ON POLICY ENGINE 
J 



608 

/ 

610 

/ 



-612 

614 

/ 



616 



618 



620 



510 



FIG. 6 



4- 



^J^^^vr^ru'r^^,^^-, ^'"^ '^'^^ ^'"^^ application pendi^ 4% " ^ ^ 

701 Market Street, Sdte 1450 ' " * v / - 

Saint Louis, Missouri 63101 '"^ ' / '^V 

Telephone: (314) 241-2929 
Facsimile: (314)241-2029 
asimon@sinionlawpc.com 

ROBERT W. HICKS (Cal. Bar No. 168049) 
KENNETH R. WRIGHT (Cal Bar No. 176325) 
Robert W. Hicks & Associates 
14510 Big Basin Way, Suite 151 
Saratoga, CA 95070 
Telephone: (619) 846-4333 
Facsimile: (408) 624-9369 
rhicks@nvhlaw.com 

kwright@rwhlaw.com j 
Plaintiff, TELECONFERENCE SYSTEMS, LLC 



UNITED STATES DISTRICT COURT 
NORTHERN DISTRICT OF CALIFORNIA 



TELECONFERENCE SYSTEMS, LLC, 



Plaintiff, 



vs. 



TANDBERG, INC., AVAGO 
TECHNOLOGIES U.S., INC., BAYER 
CORPORATION, ERICSSON, INC. and ONE 
COMMUNICATIONS CORPORATION, 

Defendants, 



feNo.r 
COMPLAINT 

JURY TRIAL DEMANDED 



Teleconference Systems, LLC, ("TS") files this Complaint against Tandberg, Inc., Avago 
Technologies U.S., Inc., Bayer Corporation, Ericsson, Inc. and One Communications 
Corporation (collectively "Defendants") for infringement of United States Patent No. 6,980,526 
(hereinafter 'Ue '526 Patent"). A copy of the '526 patent is attached as Exhibit A. 

JURISDICTION 

1. This is an action for patent infnngement under title 35 of the United States Code. 
TS is seeking injxmctive relief as well as damages. 

1. 



COMPLAINT 
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VroSS^5^FNCm?^Y^lirM • deploy Network Address Transla- 

VIDLUCONFERENCING SYSTEM uon (NAT) devices, often implemented as part of a firewall 

rpnoc DccnDEvr^i. T-^ r.r^, .^r. appKcatiOfl, to connect the enterprise network having private 

CROSS ^^EFERENCE T^^^ IP unregistered addresses to a pubUc IP network with 
Ai'ifULAi lON5> 5 globally unique registered addresses. NAT is generally used 

for two pprposes: 1) as a mechanism to work around the 

lliis application claims priority under 35 U.S.C. § 119(e) problem of IPv4 address space depletion, and 2) for security 

to U.S. Provisional Patent Application No. 60/191,819 purposes (to hide internal IP addressing policy from outside 

entitled "System and Method for Security and Management entities. A NAT device rewrites IP headers as packets pass 
of Streaming Data Communications on a Computer Network lo through the device. The NAT device maintains a table of 

System/* filed Mar. 24, 2000, the disclosure of which is mappings between IP addresses and port numbers. The 

herein incorporated by reference. problem with sending H.323 and SIP traffic through a NAl' 

device is thai these protocols make heavy use of embedded 

TECHNICAL FIELD n» addresses, whUe normal data traiEc contain IP address in 

15 the header of each packet. While configuring a NAT to 

The present invention relates generally to videoconfcr- rewrite packet headers to change addresses is relatively 

encing, and more particularly to a system, method, and straightforward, it is very difficult to configure a NAT to 

device for implementing a multiple subscriber vidcoconfer- translate addresses that are embedded in IL323 and SIP 

encing service for use on Internet Protocol (IP) networks. traffic, because the location of these address in these data 

20 stream is difficult to calculate. 

BACKGROUND OF THE INVENTION Regarding bandwidth utilization, in order to achieve a 

quality sufficient for business videoconferencing, a mini- 

Videoconferencing provides a conveniem way for usere in '^^^^"^ ^^^^ bandwidth is generally required per 

distant locations lo participate in a facc-to-facc mcetine videoconferencmg participant. Multiple users simulta- 

without having to spend time and money travelinc to a °^««ly engaged m videoconferencing applications may use 

central meeting site. Many prior videoconferencing systems "f bandwidth on a local area network (LAN), 

have been based on circuit switched Integrated Services '"'^^^ ^^^"^^ "'^'^^ operations. Current 

Digital Networks (ISDN) standards. ISDN lines typicallv ^^''^''^^ °° ""^^ ^"""^ ^ n^l^ork administrator to control 

offer guaranteed quality of service, with specialized lines bandNwdth usage of multiple network users, 

having high transmission rates. This enables high-quality ^^^re, network admjmstratois are rclucUnt lo deploy 

video and audio signals to be deUvered to the confcrendng Videoconferencing systems. 

participants. However, ISDN videoconferencing is ^^<:g«dmg quality of service, typicallP networks do not 

extremely expensive, because ISDN lines arc costly to P«'v^do guaranteed transmission speeds for videoconferenc 

install and lease, and because specialized hardware is <Jf a- Videoconferencmg data generally is indistin^ 

required at the sites of the users. Because of this expense ^^"^ networks, such as email and web 

ISDN videoconferencing systems are typically offered in a ^^^^^ 'l'*^' networks may be delayed due to 

specialized videoconferencing room, rather than al each ^^^^^ ^^^^^^ generally not a 

desktop computer of each employee in an enterprise In , ^Z' sensitive data such as email, it can 

addition, ISDN can he complicated to set up, and unreliable. ^""^'^^^ P'*^*'''^ ^""^ 'l^'^^^y videoconference 
ISDN calls on average take more than 10 minutes to set-up, 

and greater than 10% of calls are dropped without being ^^^"^^^ ^^^^ ^^^^^^ P^^em with 

completed. current videoconferencing systems, namely, that enterprises 

D^^nth, u . • 7 r ■ , cannot easily outsource videoconferencing services to out- 

Reccntly, another approach to videoconferencmg has ^id, service providers. Currently, service providers are not 

nSwol usin?the ?ftt'''ff '''"Tr f'^'T' '""'^ cost-effectively provide ^Videoconferencing sel^iL 

rs m ^^nH.r^ u \l\ T 1 '"'""fu uT"^^ ^ * ^^g^ Dumber of subscribers. bccause specialized equip- 

(S P) standards. 11.323 is a standard approved by the Inter- ^em must be deployed or existing equipment must L 

naiu)nal Telecommunication Union (ITU) in 1996 to pro- ^pg^ded at every subscriber site. This results in an expen! 

netwoTC ' ^^^«^°f trartsmissions over IP up-front capL investment as well as significant o^- 

50 lionalexpensesforlheserviceprovidenUp-frontequipmenl 

Ski °>"l^^"ied,a commumcation over IP installaUons take time at each subscriber, Lulling in fslow 

deployment of the videoconferencing capabilities to sub- 

Videoconferencing over IP networks has a number of scribers. In addition, the high up front costs result in 

fundamental problems, including security, bandwidth utili- decreased service provider profit margins. It is difficult to 

zation, quality of service, and deployment and management. 55 grow such a service because each subscriber adds lo an 

Regarding security. H.323 and SIP are difficult to implement incremental growth in the capital equipment pool because 

with current firewalls. The difficulty lies in the fact that these resources are not shared. 

H.323 and SIP are complex protocols and use multiple Because of the cost and reliability issues with ISDN, and 
dynamically allocated ports for each caU, Because of the because of the security, bandwidth utilization, quality of 
heavy use of dynamically allocated ports, it is not possible 60 service, and deployment and managemeot issues with H.323 
to preconfigure firewalls to allow SIP- or H.323-signaled and SIP, it is difficult for the average enterprise lo upgrade 
traffic without opening up large numbers of holes in the and customize its network to enable videoconferencing. In 
firewall. This represents a more lax firewall policy than addition, it is difficult for service providers lo cost-effec- 
would be acceptable at most enteiprises. In addition, SIP or lively provide an outsourced videoconferencing service on a 
H.323 video endpoints behind a firewall typically cannot 65 per-subscriber basis. Thus there exists a need for a video- 
receive calls from external parties due to firewall policies in conferencing system, method, and device for delivering 
place at most enterprises. secure, high-quality videoconferencing services over an IP 
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network to mulUple enterprise subscribers in a manner that FIG. 5 is a flowchart of a videoconferencing method 
does not require expensive upgrading and customization of according to one embodiment of the present invention 
the entcrpnse network. FIG. 6 is a flowchart of one exemplary method for 

SUMMARY OF THE JNVENnON 5 m3 of RG.t '''^ '"^^^^^ switch of the 

A™et^,r, ^^iU^A - r . 7 is a flowchart of one exemplary method for 

Asyslem method, and device for use m videoconferenc- accomplishing the step of configuring the ^cu^itrmodule of 
mg are provided. The method typically includes installing a the method of FIG 6 

w^Hn??"^?^ t° P^^i^* ^ »P "^t- FIG. 8 is a flowchart of one exemplaiy method for 

TnLn. ' P^y^^jy of subscnbers for video- ,0 accomplishing the step of configuring the ouSity of «.rv ce 

conferencing sen^ices Each subscriber typicaUy has a plu- module of the method of FIG. 6. ^ 
[^Ltr^'^'T' ""T^k"* further includes receiving RG. 9 is a flowchart of one exemplary method for 
^r^lT^ Tr'^'T ? "'^'^P^*^ accomplishing the step of configuring the Jr-spcci2c and 

conferencmg calls froirnhc plurals ^^bscriber-specific setLgs of the method of FIcTe 

Thf h"'." i^<^»^<J^ storing ^5 FIG. 10 is a schematic view of an ente^rise video 

the subscriber-specific settings at a location accessible to the gateway of FIG. 1 
switch, and configuring the switch lo connect calls from the 

plurality of endpoints at each subscriber based on the DETAII^D DESCRIFI ION OF THE 

corresponding subscriber-specific settings. INVENTION 

According to another embodiment of the invention, the 20 
method may include installing a video services switch on a Referring initially to HG. 1, a videoconferencing system 
service provider network at an access point configured to according lo one embodiment of the present invention is 
enable muluple ontcipnsc subscribers to access a global shown generally at 10. System 10 typically includes a 
packet-switched computer network to exchange data, videoconferencing services switch (VSS) 12 positioned on a 
including videoconferencing data and non-videoconferenc- 25 service provider network 14 at an access point 16 typicaUy 
ing data. The video services switch is typically configured to a point of presence (POP). Switch 12 is configured to 
process videoconferencing data from multiple enterprise register multiple enterprise subscriber networks 18 for vid- 
subscribcrs. The method further includes, at the video ser- eoconferencing services, receive subscriber-specific settings 
vices switch, receivmg a request for a videoconferencing for each subscriber 18 related to security and management of 
call from an origination cndpomt of one of the multiple 30 the videoconferencing calls from that subscriber, and pro- 
enterprise subscribers, and connecting the vidcoconfercnc- cess videoconferencing calls from each subscriber based on 
mg caU to a destination cndpoinl, the videoconferencing call the associated subscriber-specific settings, 
having associated videoconferencing data. The method may Service provider network 14 typically includes a packet- 
further include securing the videoconferencing call based on switched Internet Protocol (IP) network through which 
su^riber-spccific secunty settings. 35 multiple enterprise subscriber networks 18 may access a 

The device typicaUy includes a control plane module global IP network 20, such as the Internet 20. Typically, Uie 

configured to receive subscriber-specific videoconferencing service provider network 14 includes an access point' 16 

call settings for each of a pluraUty of video services sub- such as a POP 16. The POP has a unique IP address and/or 

scribers, the videoc-onferencing call settings being for mui- dial-up telephone number that a device on the enterprise 

tiple calls placed from each video services subscriber, and a 40 subscriber network 18 may conUct to access network 20. 
data plane module configured lo receive videoconferencing POP 16 typically includes an edge router 20 and a core 

data streams from multiple subscribers and manage these router 22 configured to route IP traffic into and out of POP 

videc>confcrencing data streams according to the subscriber- 16. POP 16 also includes a pluraUty of services switches 24 

specific videoconferencing call settings for each subscriber. including videoconferencing services switch 12, described 

IJe system typically includes a service provider network 45 abtivc, Voice Over Imerael Protocol (VOIP) services switch 

configured to enable users of multiple enterprise subscriber 26, and Virtual Private Network (VPN) services switch 28 

networks lo transfer data via a global computer network, the Upon inslniclion, edge router 20 is configured to route traflic 

service provider network having an access point. The system coming into POP 16 lo an appropriate services switch for 

also includes a videoconferencing services switch located on service-specific processing, or to core router 22 via direct 

the access point of the service provider network, 'llic vid- 50 link 30. Core router 22, in turn, is configured to route trafBc 

eoconfercncmg services switch is configured to process from either of the services switches 24, or from direct link 

videoconferencing calls from terminals on each of the 30 out to the Internet 20. The traflic may be routed across a 

multiple subscriber networks, based on subscriber-specific metropolitan area or long-haul backbone, which may be 

settmgs. leased or owned by the service provider. 

RRIFF nF^rRIPTrniM thp no Awrvrc ^° ^ Classified into video- 

BRIEF DESCRIPTION OF THE DRAWINGS conferencing data and non-videoconferencing data. Video^ 

rrr 1 ™ ■ c -j ■ conferencing data typically includes control data and 

FIG. lisaschematicviewof avideoconferencmgsystem streaming voice and audio data according to the H.323 or 

accordmg to one embodmient of the present invention. siP standards. H.323 refers to International Telecommuni- 

FlG. 2isaschemalic view of a videoconferencing system 50 cations Union, Telecommunications Sector. Reoommenda- 

*° ^ ' embodunent of the present invention. tion H.323 (version 1, published November 1996; version 2 

FIG. 3 is a schematic representation of a hardware con- pubUshed 1998, entiUed, "Visual Telephone Systems and 

figuration of a videoconferencing switch of FIG. 1. Equipment for Local Area Networks Which Provide a Non- 

FIG. 4A is a software architecture of the videoconferenc- guaranteed Quality of Service," the disclosures of which are 

ing system of FIG. 1. 65 herein incorporated herein by reference. SIP refers to Ses- 

FIG. 4B is a continuation of the software architecture of sion Initiation Protocol Proposed Standard (RFC 2543), 

Internet Engineering Task Force (IETF) (pubUshed March 
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Sc!^' 7"^'*" incorporated herein by System 10 is divided into local metropoliUn zone U and 

reference, ^fon-vldeoconferencmg data includes, for remote metropolitan zone Ul separated by backbone 32 

vT±r'^- ^1 f'^''' "^^^f LocalmetropoUtao zone 11 incl«lVaulZs S^^^^^^^ 

Videoconferencing data is typically routed through POP 16 to POP 16, and remote metropoUtan zone lU inc X S 

TaStc r^^'Tr ^ ' devicesthatconnecttoPOPuKprent^^^^^^ 

coaferencmg data is routed around the switch. metropoUtan zone U are similar to those in local m^t^S 

hiCh ot enterprise subscriber networks 18 typically tan zone 11 and arc numbered correspondingly and there- 

mcIudesapiuralityofterminal534.T6rminals34.aiongwiih fore will cot be redescribed in detail, 

video conferencing service switch 12 and the varioys other System 10 may be configured to connect a two-party or 

components of system 10, are typically H.323 or SIP com- 10 multiparty videoconference call from an origination teraii- 

phaal. Terminals 34 are typically videoconferencing devices nal 34fl to a destination terminal 346 on local zone 11 and/or 

contigured to display and record both video and audio. one or more destination terminals 134fl and 1346 on remote 

Tennmals 34 may be desktop computers, laptop computers, zone 111. A destination terminal on local zone 11 may be 

mainframes and/or workstation computers, or other video- referred to as a local destination terminal, and a desUnalion 

conferencing devices. Terminals 34 may also be described as is terminal on remote zone 111 may be referred to as a remote 

endpomts" in a videoconferencing call. I'hc terminal 34fl destination terminal. 

originating the videoconferencing call is referred to as an I'IG. 2 shows another embodiment of a videoconferencing 

onginanon endpomt 34fl, and (he other terminals requested system 210 having a local zone 211. It will be appredated 

to join in the call arc referred to as destination terminals, that a remote zone of system 2 10 is a mirror image of zone 

shown at 346, 134a, 1346. Terminal 346 is a local zone 20 2U, similar to that described above for system 10. Local 

desUnaUoii terminal, while terminals 134a, 1346 are remote 'one 211 includes multiple enterprise subscriber networks 

zone deslmalion terminals. Local and remote zones are 218 linked to a Digital Subscriber Line (DSL) service 

defined below. provider network 214 via an access point 216, typicaUy 

Each cnteiprise subscriber network 18 also typically called a central office, 
includes an enterprise video gateway 36 and enterprise edge ^^^^ enterprise subscriber network 218 includes a plu- 
router 38. Enterprise edge router 38 is configured to route '^^^^V terminals 234 which are .similar to terminals 34 
data traffic between terminals 34 and service provider net- described above. Integrated Access Device (IAD) 246 is 
work 14, based on source and destination IP addresses. configured to receive traffic from enterprise subscriber net- 
Enterprise video gateway 36 typically includes an emu- ^"^^ forward the traffic to the Digital Subscriber 
larion module 40 which emulates H.323/SIP call control and ^" ^^^^ Multiplexor (DSIAM) 248. Ihe DSLAM is 
firewaU functionality and an encryplion module 44 Vho 1° multiplex the traffic from thc IADs and for- 
gateway also typically has a globaUy roulablc IP address and IJ'^^^ ^ '° Asynchronous Transmission Mode (AIM) switch 
is configured to manage secure communication between * ^^^"^^ ^"^ demultiplexed for transmission 
terminals 34 and thc videoconferencing services switch 12 ^"^^^ ^ long-haul backbone. ATM switch 250 is ainfigured to 
Typically, emulation module 40 appears to terminaU 34 as videoconferencing data to and from leraifnals 234 and 
H.323 gatekeeper/SiP proxy and H323/SIP application backbone via videoconferencing services switch 212, 
proxy firewall which includes network address translation non-videoconfereucing data via ISP router 252, or 
(NAT) capability, which hides internal address from outside ^Z'"""^ ^'^""^^ 

devices. ^ shows an exemplary hardware configuration for 

M shov™ in FIG. 10, onlarpriso video ga.eway 36 f'°^^^'^"<'^&^"^<=^''^'«^^2 0iKs»iU:bmTniy 

includes an cncryplian module 44 Encwption moduk 44 is ^ P^h'^'d programmed .o .mplemen. (he presen> 

IvDicaUv an IP Sernritv np<t,^\ j mvcnliOD is the Intel Exchange Architeclurc (IXA) WAN/ 

data coming ftom terminals 34 and ^Sdlhe encrypted da"! « Hflkb^L (Se. ' ' °^ 

10 videoconferenciDg switch 12. Thc IPSec protocols have , • n • i j 

been adopted by the Internet Engineering iLk Fmo, and ^ h , ^ T'^^'f^"^ "'^^ ^ 

xrA c ' . . through network interface 308, data plane ingress port 318 

V^deoconferencmg data may be carried from terminal 34 or data plane egress port 320. The call set-up information is 

to service provider network 14 via one of two routes. First, processed according to H.323 or SIP specifications by host 

Uie vidcoconferencmg data may be routed by edge router 38 processor 306. Typically, the programs and data necessary 

via a direct network connection 42, such as a Tlcomiection, for processing the call are stored in memory 310 and 
to the Videoconferencing services switch 12 of the service 60 implemented by host processor 306. Forexample, the virtiial 

provider network 14. In this case, the direct network con- router, call control module, quaUty of service module, poHcy 

nection IS dedicated to video traffic. Second, firewall 40 may engine, and security module arc typically stored in memory 

be configured to pass encrypted videoconferencing data 310. 

through the firewall unexamined. Typically, the encrypted Control plane module 302 is linked to data plane module 
videocoirferencmg data IS encrypted by the encryption mod- 65 304 via a bus 312. Data plane module 304 includes a 

ule 44 of the enteiprise video gateway 36 using the IPSec network processor 314 and memory configured to receive 

protocols, discussed above. and manage transfer of real-time audio and video data 
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sfrcams from ingress ports 318 to egress ports 320. Data and the address of an H.323 gatekeeper 414 and/or SIP 

plane module 304 typicaUy includes a wire-speed switching proxy 416 within the videoconferendng services switch 12 

fabnc capable of processing real-time data streams with The enterprise edge router may also be configured to direct 

v^mdly no appreciabk latency^ traffic from a terminal to the gatekeeper 414 or proxy 4^6 
The wic-speedswitcbng fabric is configured to enable 5 along direct connection 42. Enterprise edge rouler settings 

transport of streaming data traffic across system with virtu- 4086 may also include prioritization information for traffic 

aUy no appreciable latency, even as the streaming data traffic passing though the edge router, such that the router may tag 

N^Toe^c^tr^n^^^^^ MAr*'\r.-° ^^r'' ^f^^ ^^"*"Sfa with Diff-Serv labels or proceJ 

NAT-specific firewall and NAT capabilities, policies from packets based on DifF-Serv labels, 
pohcy engme 418. monitor quality of service, and provide 10 For DSL service provider network 112, shown in FIG 2 

optional encryption and other security measures. One imple- terminal settings 408a are conOgured with the IP address of 

tnentation of system 10 is configured to provide aggregate the call control module 413, as discussed above IAD 

!l^^^v ^ ^atyhroughput of up to 1.048 Gbps with full settings 4086 are set to create a separate ATM permanent 

sccunty and policy management, quahty of service manage- virtual circuit (PVC) or Frame Relay (FR) Data Link Com- 
ment, and encrypuon. llie wire-spccd switching fabric is raunication Identifier (DLCt) for video traffic destined for 

mcludes fiiil support for IBTF standard IP routing protocols the videoconferencing services switch. Optionally, the set- 

''^^^n^f''Vf"'^■ ^'"^'S^^^^' ^^^cway lings 4086 may include priority seuings for proofing and 

Frotocol (BGP), and Routing Information Protocol (RIP), deliver of video PVODl CI traffic 

which are well known in the networking arLs. Support of Switch 12 typically includes a lunneUng service module 
these routing protocols w.U allow system 10 to forward 2« 4U having subscriber-specific settings 408*7. ITie tunneling 

video traffic appropriately to edge router 20 and core router service module is configured to support secnire communica- 

iJtV ^ ^''"'^ P"'"* channels from a multiple enterprise video gateways 36, 

I^IG 4 shows a schematic view of the software compo- using the IPSec protocol described above. The tunneling 

nents of videoconferencing system 10. Enterprise network sendee module unencapsulales traffic from enterprise video 
18 typically mcludes terminal 34 having terminal settings 25 gateways 36. It also maintains a dynamic mapping of IP 

408fl, enterprise video gateway 36 having gateway selling address of each enterprise video gateway and port numbers 

408o, and an enterprise edge router/IAD 38, 248 having so that the enterprise video gateway can correctly route call 

enterprise rouler sctUng 4086, Settings 408a, 408o, and setup and video traffic back through to the appropriate 

4US6 arc referred to as enterprise network resident settings, enterprise video gateway. 

while the remaining settings 40Sc-40Sk, mp are referred 30 Switch 12 typically includes a virtual router 412 config- 

to as switch resident settings. urcd lo route requests from terminal 12 lo call control 

lermmal settings 40Sfl typically include the IP address of module 413. Typically, at least one virtual router having a 

the enterprise gateway, which acts as a proxy to the call unique IP address is provided for each subscriber network 

coijtro module 413 in videoconferencing switch 12. For 18. Traffic is routed between caU control module 413 and 

calls placed with the H.323 protocol, the IP address of the 35 enterprise video galeway/lAD 36, 246 based on settings 

enterprise gateway 36 (which also acts as a proxy to the 408c. The virtual router settings 408c typicaUy include the 

videoconferencing services switch H.323 gatekeeper 414) is address of enterprise edge router 38 or IAD 246, information 

provided. I'or calls placed with the SIP protocol, Ihe IP about the dedicated physical connection 42, and or the POP 

address of the enterprise gateway 36 (which also acts as a edge router 20. TVpically, a separate virtual router is pro- 

prray to ihc videoconferencing services switch SIP proxy 40 vidcd for each enterprise subscriber. To configure the routing 

416) is provided. Terminals use the IP address of the services, the switch provides BGP and OSPF routing on a 

enterprise gateway for registration (using e.g. H.323 RAS per-virmal router basis. Thus, separate routing tables are 

Signahng). call initiation (using e.g. H.323 ARQ signaling), maintained for each subscriber to segment its traffic, 

and atidio/video data exchange (using e.g. RTP/RTCP pro- Calls in the H.323 protocol arc routed to virtual H.323 

tocols). Users may optionally authenticate themselves with 45 gaiekeeper 414, while calls in the SIP protocol are routed lo 

H.323 gatekeeper/SIP proxy. 'J-hc enterprise gateway 36 SIP Proxy 416. Call control module 413 is configured to 

encapsulates these messages m packets having the enterprise perform call set-up operations, manage call data streams 

video gateway's globally rentable IP address as the source and perform caU tear-down operations, 

address and forwards these messages lo the call control Switch 12 also includes a policy engine 418 configured to 

module 413 in videoconferencing services switch 12. Typi- 50 enforce policies based on subscriber-specific settings on the 

cally, these packets are sent m an encrypted form using videoconferencing calls. The policies may be based on 

^ subscriber-wide settings 408/ that apply to all calls from a 

Enterprise video gateway settings 4G8o include secure given subscriber, and user-specific settings that apply to only 

commmwcaUon channel setting. Typically, this includes a single user or terminal of a given subscriber. Exemplary 

instructions on how to create a secure communication Chan- 55 policies include outbound/inbound calling privileges, 

nel between the enterprise gateway and the videoconferenc- encryption policies, bandwidth policies, priority among 

ing switch 12 according to the IPSec protocol, discussed users policies, participation privileges, inbound/outbound 

above. Traffic sent using the IPSec protocol typicaUy passes calling restrictions, time-of-day restrictions, audio or video 

through firewall 40 unexamined. Adjusting settings 408o of restrictions. Each of these exemplary policies may be imple- 

the enterprise video gateway to enable IPSec authentication 60 mented on a pcr-user or pcr-subscriber basis. For example, 

and encrypted data exchange with the video services switch a particular user may be able to use unlimited bandwidth! 

may either b« accomplished locaUy by the enterprise admin- have a top priority among users, be allowed to both view and 

istrator or service provider personnel via subscriber network participate in calls, be able to both initiate outbound and 

management application 410, or remotely via the video receive inbound calls, from 8am-6pra Mon-Fri. and not be 

couferencmg services management application 402. 65 restricted to only audio or only video galling. 

Enterprise edge router settings 4086 typically include the Switch 12 also includes a quality of service module 420 

globally routable IP address of the enterprise gateway 36, having a Multi Protocol Label Switching (MPLS) traffic 
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engmeeriDg module 422 configured to create a network path appKcaUon 410 to adjust the settings of each terminal when 
engjoeered according to the standard. The MP15 the teiminal is installed or reconfi^d %tem™V yT^ 

aKAileclure « de^nbed m the January 2001 Request For minal settings 410a may be set remotely by the sL« 
P'r' tfi''^K"fr'°~'.^''.'''®*^''=^^sArchi. picviderviavideoconferendngservicesmaagementZ" 
tecture," published by the Internet Engineering Task Force. 5 cation 4(B «iagememappu 

m!>no„<.«,^„t A'yA r j i^^uuwiuui v,LA IS an agreement executed between each eQtcrorise 

participant. By managing tte baS^Z Tatd on ^b 15 °f™'«>~^™6 ^-vice to be provided to 

co-figured to implemcm differ- „ per-terminal basis. Often, video quality is defined a^ 
t^:r^^':i:^7!^Z'^:tV:,:^^% ^ l^lTS'^ and .tency being^tJ an a^^ptabS 

fhl?Sl?'"'"^J?^H'^r'\"^^^^^^^ S^freX^';ouTet.i»rr^^^^ 

w„i 7 ^1>' disclosjrc of which is herein ciated that Ihoy may be stored on database 404. The switch 

incorporated by reference. This typically includes labeling a 2S „5ident scuings are typically loaded into video se^oS 

I^TJT;-^/'" ""^ -"^^_»2poHSicany£uchaLnceperday.byr2^ 

a™ module 428 configured to send IP Uaffic over ATM loaded in a simL manner fcom database 404 via video- 
switches, and setungs40«* therefor^ IP over AIM module is 30 conferencing services management appl cttion^*^ 
compliant wilh the standards described in Internet Engineer- , cu- « .u j .• PP"-'"on '™'- 
ing Task Force Request for Comments (RFC) 2684 Typi- ■ ,■ ' » """""^ ^"'""'"'e ^"f, embodimem of the 
cany, settings 408i for IP^ver-ATM m. dule 428«e c^- !Th " ^""-^""n""^ " T '^'i^'^ ^ '^'^^ 
figured on a per-virtual router and per-physical interface " .«''/°<=»''fe»=»<='"8 f^vices 
hasis f F J « iii^na^^- switch (VSS) 12 al an access point 16 to an Internet Protocol 

Quality of service module 420 also includes a video ^^^^ H'^^'^ ^^^<'<^ .'yP^'^^y includes 

transmission analysis engine 430 conligur d to analyze TrSl^foT T' ""T^^^'^''^'^ '^^'^^^^ 
videoconferenciag data carried by the stitch for quaUty videoconferencing services, 

parameters specified in traasmission analysis sellings 408m . 'no includes rcccivmg subscriber-specific 

Exemplary quality parameters include packet loss, jitter and 4n ^i?^g^. *° ''^ ^PP^^^ multiple videoconferencing 
latency. ' originating from the subscriber. 'ITic subscriber-speci Gc 

Videoconferencing services switch 12 also typically settings may be set and accessed by an administrator at an 

includes a security module 431. Security module 431 typi- "^^^^^^^^^ network and/or an administrator at service pro- 

cally includes a SIP/H.323 firewall 432, SIP/H3'>3 NAT V^^^ ^^^^ network 14 via management applications 402, 
module 434, encryption module 436, and Virtuafprivatc 45 ^escnbed above. At 508, the method further includes 

Network (VPN) module 438 SJP/H 323 firewall 432 is stormg subscnber-specific settings at a location accessible to 
configured to prevetit unauthorized access to video services Typically, the subscriber-specific settings are 

switch 402, and through it to subscriber networks The on switch 12 and enterprise video gateway 36, and in 

firewall settings 408n of firewall 432 are configured on a database 404. Certain subscnber-specific settings 408 may 
per-subscriber basis, such that a subscriber-specific firewall so ^^"""^"^^ ^"^ enterprise router 38, as 

may be custom -implemented for traffic fi-om each sub- oescnbed above. 

scriber. SIP/H.323 NAT module 434 is configured to provide method 500 includes configuring switch 12 to 
network address translation services for trafiic flowing connect videoconferencing calls between subscribers based 
through switch 12, NAT settings 4081 are also subscriber- °" corresponding subscriber-specific settings. Step 510 is 
specific. VPN module 438 is configured to create a virtual 55 ^Xpi'^ally accomplished via steps 602-^20, described below, 
private network for data flowing from switch 12 over At 512, the method further includes receiving and pro- 
network 20. cessing a videoconferencing call at switch 12. TVpically, a 
System 10 typically includes a videoconferencing ser- "ser at a terminal 34 at enterprise subscriber network 18 
vices management application 402 configured to enable the initiates a call connection request for a videoconferencing 
service provider to adjust the switch-resident settings of 60 ^ith * **s6r at a destination terminal, such as remote 
videoconferencing services switch 12 and settings 408o of destination terminals 134a, 1346 or local destination termi- 
enterprise video gateway 36, 236. System 10 also includes nal 34b. The call connection request typically includes 
a subscriber network management applica tion 41 0, by which pertinent information such as the origination and destination 
an administrator may adjust settings of devices on subscriber P^^y address. 

network 18, such as settings 408fl on terminal 34, 134, 408i> 65 Step 512 is typically accomplished by, at 514, receiving 

on enterprise router/IAD 38, 246. Typically, subscriber the call connection request at switch 12 and proceeding to 

network administrator uses subscriber network management connect the requested call by using the H.323 or the Session 
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ffrf'^^™''",'^''!^'^^''"^"'' ^i*- P'""'<=°1 «t-up. For outgoing daia, the NAT module is 

n«™**,^«.n ' source IP addresses and port numbers with its own eloballv 

Once the call connection request is processed and video- unique H.323 proxy IP address and pon nuXV FoJ 

monZ??.'' ?mTJ V^^^"^' ^^^"^^^^ ' mcomingdala,LNATsubstitS^ronruubr^^^^ 

?2 mavTo r 1 vidcoconTcreocing call Switch endpoiut destination IP addresses and port numt^^^ by ^^^^^ 

li^nl V^'"^ r " information related to vid- stored IP address/port number mapping information 

™rwh'."th'' ^^^l^^y' ^'^^^'^^^^f Step 616 forther includes conVringTe encm>tion 

ennr? ^'J 1^' 7^*"^" '"^ videoconfer- module at 706. Encryption is used only at certain enSe 

en«ng call the user wiU^^^^^ subscribers 18 and destination IP adc^ess^ For eSe 

520. The mcttod further includes logging the videoconfer- selected destination parties 

encing call infomialion in a call record at 522. The call Lastly, step 616 includes configuring virtual nrivate nei 

m'y Zt^^^^^^^^ '^^'^^'^ ^ «^^iber VR wil MPLS VPN 

laay mc udc length of cdl, parties on the call, bandwidth capability including creation of VPN ronlinft/fon^ardinE 

tables. Siep 708 fiJther includes coofigX 

narrernl - loss), among other sessions, VR to SP cdge-routing sessions, RIP/RcSaUc 

w^f.rrin^ Tf/- <c r ^^^^ subscribcr cdge-rouling sessions, etc. By confjimr- 

Referring to FIG. 6 configunng switch 12, at 510, to 2o ing switch 12 to support an MPI^ vpk module vi^- 

connect vidcoconfejj:ncmg calls includes configuring vari- s^^cific Vl^Ns can cZ across AIM, IpTnd^"y^^^^^^ 

rrS,.H.?°" r '"'^ '^'''^'^f ^^2' '*'^P ^"'^ 1" ^^i»ion, subscribers to MPl.S VPNs may 

2ii til '"'I'St " 1 ^"'^^^^^^ dynamically updated to enable sinTpXd o-ea^o^ 

604. creating an IPSec tunnel between switch 12 and gate- extranet and intranet VPNs and site-lo-site video traffic 
way 36. This step requires scllmg up IPSec authentication 25 delivery 

t^nn^i^Tir'"""'"'" '"i T'"^^ f ^^^f^^^^g ^« ^''f^- «' «'^P «f configuring quality of 

hinnelmg module unencapsulates traffic from gateway 36 service module includes configuring an MPLS traffic eng^ 

^6 andTortTumbrTh" "1^"" ''t" ^"""^ "^^""^ ^^'^> "^^^^^^ ^» C:onfigurTng 12 

Lt un ^.^.T H ' r ^"°^^"g Sa;«way 3« to route call support MPLS lH enables creation of premium-priced guar- 

^"""^ "^'"^^^ '''' 'PP^"' anteedbandwidthvideoconferencingdatapathsacrossa^SP 

s sin ^ 1 . ^n. . • ^^^"^ backbone. Step 802 further includes configuring of 

rV^^415 1 ***^'/r''^""°g \ ^i^t^^l roster MPI^ tunnels, enabling of express forwarding of data, and 

l!!ch 608 creating VR 412 within enabling Intermediate Sy.slem-Intermcdiate System (IS-IS) 

30 T^' ' ^^^^ commercially implemented in the products of 

modi ^.onTT?^ ^r''** u ^y^^^^^ c'l^f- i« ^ypi^^V accord- 
module wgmentaliOD and layenng archileclure of switch 12. plished by adjusting settings 408A 

<uwJ^/fnr f^fJ^\^™=>"^*^>^^V "'^^^^ configuring band- 

uri I ^^t'"''^'^' ^^'""^ ""PP^^^ management module 422, typically by adjusting set- 

^hlLl ^f , ^u^ 11^ '''yP'^'^^y ^'"8*^ '^^ ^"^l'^*^^ «f ^'^^'^ video band- 

tables ax^ maintained for subscnber 18 to segment traffic. 40 width allowed into or from an enterprise subscriber by lime 

Step 510 includes, at 612, configuring a caU^control of day 

module. At «H step 612 includes configuring H323 gate- At 806, the method further includes configuring dillercn- 

keeper 414 and/or SIP proxy 416 for subscriber 18. For tiated services (Diff-Serv) module 426 at 806. typically by 

H323 gatekeeper 414, configuring gatekeeper 414 includes adjusting Dilf Seiv settings 408;. These settings may be used 

configuring a subscnber zone in gatekeeper 414, discovery 45 to configure the TOS/IP precedence field for video traffic 

and registration of endpoinls, security, inter-gatekeeper (i-c.RTP streams) to/from each enterprise. This enables core 

communication, creation of records for bilUng and admin- devices in an SP network to give prioritized treatment to 

istrative purposes, etc. For SIP proxy 416, configuring proxy video traffic. 

416 includes discovery and registration of endpoints, infor- At 808, the method further includes configuring IP over 

manon fiom Domain Name Sen-ice (DNS) server, creation 50 asynchronous transfer mode (AFM) module, typically by 

^f^'^Tnfitt, • 1 ^ a • • a^JjusUngsettings408Ar.lPoverAnviservicesareconfigur6d 

Mep 510 turther includes configuring secunty module at on a per-virtual router and per-physical interface basis 

616 configunng quality of service module at 618, and At 810. the method forthcr includes configuring Wdeo 

configunng user-specific and subscriber-specific settings on transmission analysis module, typically by adjusting settings 

' Cf^:^^!'r^r\'' f'.i. • . . . "^"^ Configuration of size of jit^r "buffer Jthin the 

ciD^^ t?]2;^^^Z:^^P*^*"'''^'''^^^"'"^SuringH.323/ videoconferencing services switch is accomplished on a 

SIP firewall 432 at 702. H.323/SIP applications parse control per-enlerprise subscriber basis. 

data to dynanucaUy o^n and close ports for control traffic. FIG. 9 shows, in steps 902-918, one exemplary method of 

Information obtained from parsing is sem to network data accomplishing step 620 of configuring user-specific and 

plane hardware 304. anfiguring firewall 432 includes add- 60 subscriber-specific policies on policy engine 418 The 

ing firewaU address information into gatekeeper 414 for the method typically includes, at 902. setting access privileges 

zone, setung ports or channels that are staticaUy open, and Access privileges govern who can access the video system 

setting painty logging. with user level and administrator level access privileges. At 

Step 616 further includes configuring H.323/SIP network 904, the method includes setting inbound/outbound calUne 

address translation (NAO module at 704. For H323 NAT 65 privileges on a per-user or per-subscriber basis. For 

module, the NAT module is configured to parse packet example,every user in an enterprise may be prohibited from 

headers and payload of Q.931/H.245 control data streams making outbound calls on company holidays, except upper 
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management. At 906, the method typically includes setting bal packet-switched computer network to exchange 

lime-of-day pnvileges per user or subscriber. For example, data, including videoconferencing data and non-video- 

every user may be restricted from placing calls outside of conferencing data, the videoconferencing services 

re^ar business hours. At 908, the method typically switch being conagured to process videoconferencing 

includes settmg maximum video quality privileges per user, 5 data from multiple enterprise subscribers; 

orpersubscnber. at the videoconferencing services switch, receiving a 

At 910, the method typicaUy mcludes setting 2-way request for a videoconferencing call from an origba- 

support pnvileges. This allows a user to either send, receive, lion endpoint of one of the multiple enterprise sub- 

or both send and receive videoconferencing data pertaining scribers; 

to a call. At 912, the method includes setting audio-only lo connecting the videoconferencing call to a destination 

restrictions on a per-user or pcr-subscriber basis. The endpoint, the videoconferencing call having associated 

method mcludes settmg encryption requirements at 914. At videoconferencing data; and 

916 the method typicaUy includes setting priority privileges securing the vidco^nfercncing call based on subscriber- 

on a per-usec or per-subscriber basis. Videoconferencing specific security settings 

data sent by a user with higher priority privilege wUl take 15 6. TTie method of claim 5, wherein each enterprise sub- 
precedence over other data sent by a user of lower priority, scriber includes an enteiprii gateway posSd on^he 

method typically mcludes setting videoconferencing call point, the method fiirther comprising: 
L7caK\' "it^^^^^ 'r videoconferencing data from the enterprise gate- 

Z m Tnd suZjnrg02 Q?«""- videoconferencing services switch; and 

Z:^ii^tJ^^^J^^ non-videoconferencing data from the enterprise 

While the present inventfon has been'Sa^ shown ^ gateway arouiid ^e vrdeoconferencm^^^^^^ 

and described with reference to the foregoing prefmed h , Ta^?^ T videoconferencing 

embodiments, those skilled in the art will nndfrs^and to ^5 videoconferencmg «=rvices switch via 

ZlZ^r- nh^^n- Without departi^I ' ^tl^nS^^ 

irom ttic spint and scope of the mvention as defined in the « -i-u *u ^ r i i. • , 

following claims. The description of the invention should be , f ' ""[t'"^^^' ^^T"^ videoconferencing 

understood lo include all novel and non-obvious combina- f ' .uT u videoconferencmg services service 

tions of elements described herein, and claims may be 30 «^»^^J^^~^Sf/" foint edge router, 

presented in this or a later application to any novel and u ?' ^^^^^^ wherein a firewall exists 

non-obvious combination of these elements Where the 5''^'^*^° enterpnsc gateway and the video conferencing 

claims recite "a" or ''a first" element or the equivalent ^'^^ .u". rT TT*"''" u - , . 

thereof, such claims should be understood lo include incor- . ^^"^ ""^TT ' ''^^ videoconferenc- 

poration of one or more such elements, neither requiring nor 35 1* '''''^'''^ ^^'''''^^ ^ encrypted, 

excluding two or more such elements. ^^'^ method of claim 10, where the encryption is 

We claim: achieved using the IPSec protocols. 

1. A method for videoconferencing using Internet Prolo- "Method of claim 6, where the videoconferencing 
col (IP), the method comprising the steps of: ^ '^^^^^ switch via a DSL network. 

installing a videoconferencing services switch at an 40 13. The method of claim 12, where the videoconferencing 

access point to a service provider IP network; '^^^^ ^ ^^^^^^ switch, via PVC opened on the DSL 

at the switch, registering a plurality of subscribers for network, 

videoconferencing services, each subscriber including method of claim 5, wherein the call is connected 

a plurality of endpoints; according to H.323 or SIP protocols. 

receiving subscriber-specific settings to be applied to 45 method of claim 5, wherein the security settings 

multiple videoconferencing calls from the plurality of include firewall settings, 

endpoints associated with each subscriber; l^- J'he method of claim 5, wherein the security settings 

storing the subscriber-specific settings at a location acces- includes NAI' settings. 

sible to the switch; and 17. The method of claim 5, wherein subscriber-specific 

configuring the switch to connect calls from the plurality so settings include policies selected from the group consisting 

of endpoints at each subscriber based on the corre- of outbound/inbound calling privileges, encryption policies, 

spending subscriber-specific settings. bandwidth policies, priority among users policies, partici- 

2. The method of claim 1, wherein subscriber-specific pation privileges, inbound/outbound calling restrictions, 
settings include policies selected from the group consisting time-of-day restrictions, audio or 

of outbound/inbound calling privileges, encryption policies, 55 video restrictions. 

bandwidth policies, priority among users pohcies, partici- 18. A system for use in videoconferencing, the system 

pation privileges, inbound/outbound calHng restrictions, comprising: 

time-cf-day restrictions, audio or video restrictions. multiple enterprise subscriber networks, each enterprise 

3. The method of claim 1, wherein subscriber-specific subscriber network having one or more videoconfer- 
settings include firewall settings. 60 encing terminals; 

4. The method of claim 1, wherein subscriber-specific a service provider network configured to enable users of 
settings include network address translation (NAT) settings. the multiple enterprise subscriber networks to access a 

5. A method for use in videoconferencing, the method global computer network via an access point; and 
comprising: a videoconferencing services switch positioned on the 

installing a videoconferencing services switch on a ser- 65 access point of the service provider network, the vid- 

vice provider network at an access point configured to eoconferencing services switch being configured to 

enable multiple enterprise subscribers to access a glo- process videoconferencing calls from terminals of eadi 
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2. Jurisdiction is proper in this Court pursuant to 28 U.S.C. § § 1 33 1 (Federal 
Question) and 1338(a) (Patents) because this is a civil action for patent infringement arising 
under the United States patent statutes. 

3. Venue is proper under 28 U.S.C. §§ 1391(c) and 1400(b). 

4. TS is a Texas Limited Liability Company. 

5. Defendant Tandberg, Inc. (*'Tandberg») is a Delaware corporation with its 
headquarters located in New York, New York and an office for the transaction of business in 
Bridgewater, New Jersey. Tandberg has made, used, sold, offered for sale, offers for sale and/or 
imports apparatuses and/or systems that infringe one or more claims of the '526 patent. 
Tandberg has infringed and continues to infringe the '526 patent either directly or through the 
acts of contributory infringement or inducement in violation of 35 U.S.C. § 271. 

6. Defendant Avago Technologies U.S., Inc. ("Avago"), is a Delaware corporation 
with its headquarters located in San Jose, California. Avago has made, used, sold, offered for 
sale, offers for sale and/or imports apparatuses and/or systems that infringe one or more claims 
of the '526 patent. Avago has infringed and continues to infringe the '526 patent either directly 
or through the acts of contributory infringement or inducement in violation of 35 U.S.C. § 27L 

7. Defendant Bayer Corporation ("Bayer") is an Indiana corporation with its 
headquarters located in Pittsburgh, Pennsylvania. Bayer has made, used, sold, offered for sale, 
offers for sale and/or imports apparatuses and/or systems that infringe one or more claims of the 
'526 patent. Bayer has infringed and continues to infringe the '526 patent either directly or 
through the acts of contributory infringement or inducement in violation of 35 U.S.C § 27L 

8. Defendant Ericsson, Inc. ("Ericsson") is a Delaware corporation with its 
headquarters located in Piano, Texas. Ericsson has made, used, sold, offered for sale, offers for 
sale and/or imports apparatuses and/or systems that infringe one or more claims of the '526 
patent. Ericsson has infringed and continues to infringe the '526 patent either directly or through 
the acts of contributory infringement or inducement in violation of 35 U.S.C. § 27L 

9. Defendant One Communications Corporation ("One") is a Delaware corporation 
with its headquarters located in Burlington, Massachusetts. One has made, used, sold, offered 
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of the multiple enterprise subscriber networks, based 

on subscriber specific settings; 
wherein a first enterprise subscriber network includes an 

enterprise video gateway; and 
wherein the enterprise video gateway includes an encryp- s 

tion module configured to encrypt videoconferencing 

data sent between the videoconferencing services 

switch and the enterprise video gateway. 

19. The system of claim 18, wherein the enterprise video 
gateway includes an emulation module configured to emu- io 
late H.323/SIP call control and firewall functionality. 

20. The system of claim 18, wherein (he encryption 
module is configured to encrypt videoconferencing data 
using IP Security (IPScc) authentication and encrypUon. 

21. The system of claim 18, wherein the first enterprise is 
subscriber network includes an enterprise router configured 

to route videoconferencing data to the videoconferencing 
services switch. 

22. The system of claim 18, further comprising, a direct 
network connection dedicated to video traffic linking the 20 
first enteiprise subscriber network and the videoconferenc- 
ing services switch. 

23. The system of claim 18, wherein the access point on 
the service provider network is a point of presence (POP). 

24. The system of claim 23, wherein the service provider is 
network includes an edge router configured to route video- 
conferencing traiSc between the multiple subscriber net- 
worfcs and the videoconferencing services switch, 

25. The system of claim 23, wherein the service provider 
network includes a core router configured to route video- 
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conferendng trafiBc across a computer network backbone to 
a destination terminal in a remote zone. 

26. A system for use in videoconferencing, the system 
comprising: 

multiple enterprise subscriber networks, each enterprise 
subscriber network having one or more videoconfer- 
encing terminals; 

a service provider network configured to enable users of 
the multiple enterprise subscriber networks to access a 
^obal computer network via an access point; and 

a videoconferencing services switch positioned on the 
access point of the service provider network, the vid- 
eoconferencing services switch being configured to 
process videoconferencing calls from terminals of each 
of the multiple enterprise subscriber networks, based 
on subscriber specific settings; 

wherein a first enterprise subscriber network includes an 
cnterpriw video gateway; and 

wherein the videoconferencing services switch includes, 
(1) a virtual router configured to receive a request for 
a videoconferencing call fi-om an origination terminal 
via the enterprise gateway, and (2) a call control 
module configured to perform call set-up operations, 
manage call data streams, and perform call tear down 
operations for the videoconferencing call, wherein the 
virtual router is cxjofigured to route caH-reJated traffic 
between the origination terminal and the call control 
module. 



for sale, offers for sale and/or imports apparatuses and/or systems that infringe one or more 
claims of the '526 patent. One has infringed and continues to infringe the '526 patent either 
directly or through the acts of contributory infringement or inducement in violation of 35 US.C. 
§271. 

10. On information and belief, the systems, or components of the systems, that are 
alleged herein to infringe were made, used, imported, offered for sale and/or sold in the Northern 
District of California. 

11. This court has personal jurisdiction over defendants because the defendants have 
committed acts of infringement in this district; do business in this district; have systematic and 
continuous contacts in this district and/or have consented to jurisdiction here. 

12. TS incorporates paragraphs I through 12 herein by reference. 

13. This cause of action arises under the patent laws of the United States, and in 
particular, 35 U.S.C. §§ 271 et seq, 

14. TS is the exclusive licensee of the '526 patent with rights to enforce the '526 
patent and sue infringers. 

1 5. The '526 Patent, titled "Multiple Subscriber Videoconferencing System," is valid, 
enforceable and was duly issued in full compliance with Title 35 of the United States Code. 

COUNT f 

INFRINGEMENT OF T j.s. PATENT 6.980.526 BY 
DEFENDANT TANDBERG. fNr. 

1 6. Tandberg has infringed and herein continues to infringe the '526 Patent by 
making, using, importing, offering for sale and/or selling multi subscriber videoconferencing 
systems, covered by one or more claims of the '526 Patent, including, but not limited to, its 
products in the Tandberg Telepresence Series and Tandberg Profile Series product lines. 

1 7. On information and belief, Cisco Systems, Inc. is acquiring Tandberg via a 
voluntary cash offering, which is anticipated to close in the first part of 2010. 
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1 8. Various parties are alleged to directly infringe one or more claims of the ' 526 
patent via their use of multiple subscriber video conferencing systems. While one or more 
components of the accused system may have been provided by Tandberg, Tandberg does not 
provide the entire system to each such party. Therefore, disposition of TS' claims against 
Tandberg would not be dispositive of TS' claims against the third parties. 

DIRECT INFRf NGFMFIVT 

1 9. Tandberg and the other named defendants have infringed and continue to infringe 
the '526 patent by using a system covered by one or more claims of the '526 patent, including, a 
multiple subscriber video conferencing system. 

INDIRECT INFRINHFJVIFNfT 
(Contributory Infringement) 

20. Tandberg has contributorily infringed and continues to contributorily infringe the 
'526 patent pursuant to 35 U.S.C. § 271. 

21. As alleged above, Tandberg, defendants and others are direct infringers of the 
*526 patent. 

22. Tandberg offers to sell and sells components of the accused systems to others in 
the United States. 

23. The components Tandberg provides are material components of a patented article 
and/or a material component used in practicing a patented process. 

24. The components Tandberg provides are not a staple article of commerce suitable 
for substantial non-infringing use. 

25. Tandberg's actions were performed with knowledge that the components are 
especially made or adapted for use in an infringement of the '526 patent. 
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(Inducing Infringement) 

26. Tandberg has induced others to infringe and continues to induce others to infringe 
the *526 patent, pursuant to 35 U.S.C. § 271 . 

27. As alleged above, Tandberg and others are direct infringers of the '526 patent 

28. Tandberg offers to sell and sells various components of the accused system. 

29. Tandberg knowingly induced and continues to induce infringement of one or 
more claims of the '526 patent and possessed specific intent to encourage defendants' and 
others' infringement. 

30. Tandberg knew or should have known that its actions alleged herein would induce 
actual infringements of one or more claims of the '526 patent. 

3 1 . Tandberg intended to cause the acts of defendants and others that constitute the 
direct infringement of the * 526 patent, 

32. On information and belief, Tandberg has had knowledge of the '526 patent since 
at least the inception of this action, and possibly since the inception of litigation against Cisco, 
but continues to sell such components and continues to instruct Customers how to use accused 
systems that are covered by one or more claims of the '526 patent. 

33. On information and belief, since at least the filing of this action, Tandberg has 
Deen on notice of the '526 patent as well as of TS's infringement contentions, and on information 
md belief, has taken no steps to remedy any infringement. 

34. Tandberg knew or should have known that its actions would cause direct 
nfringement by defendants and others. 



5. 



COMPLAINT 



1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 



35. This case is exceptional pursuant to the provisions of 35 U.S.C. § 285 because, 
among other reasons, Tandberg was on notice of TS's rights in the invention and '526 patent as 
alleged above and continued its activities as accused herein. 

36. TS has complied with 35 U.S.C. § 287. 

37. Tandberg's actions complained of herein are causing irreparable harm and 
monetary damage to TS and will continue to do so unless and until Plaintiffs are enjoined and 
restrained by this Court. 

38. TS is entitled to damages of at least a reasonable royalty for the use of TS' 
invention by Tandberg and others, including both cost savings and increased profits reaped by 
Tandberg and others from their infringement as alleged herein. 

39. Defendants' actions complained of herein will continue unless defendants are 
enjoined by this Court. 

COUNT 11 

INFRINGEMENT OF U.S, PATENT 6.980.526 BY 
AVAGO TECHNOLOGIES U.S.. INC.. BAYER CORPORATION- 
ERICSSON, IN C. and ONE COMMUNICATIONS CORPORATION 

40. On information and belief, defendant Avago has infringed and continues to 
nfringe the '526 Patent by using a system covered by one or more claims of the *526 Patent, 
ncluding, but not limited to a multiple subscriber video conferencing system. 

41. On information and belief, defendant Bayer has infringed and continues to 
nfringe the '526 Patent by using a system covered by one or more claims of the *526 Patent, 
ncluding, but not limited to a multiple subscriber video conferencing system. 

42. On information and belief, defendant Ericsson has infringed and continues to 
nfringe the '526 Patent by using a system covered by one or more claims of the '526 Patent, 
ncluding, but not limited to a multiple subscriber video conferencing system. 
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43. On information and belief, defendant One has infringed and continues to infringe 
the '526 Patent by using a system covered by one or more claims of the '526 Patent, including, 
but not limited to a multiple subscriber video conferencing system. 

44. Defendants have reaped significant cost savings from using TS's patented 
invention, including reduced travel expenses, and such infringement has increased defendants' 
productivity thereby increasing defendants' revenues and profit. 

45. Defendants herein are accused of directly infringing one or more claims of the 
'526 patent via tiieir use of a multiple subscriber video conferencing system. While one or more 
components of the accused system may have been provided by Tandberg, Tandberg does not 
provide the entire system to each defendant. Therefore, disposition of TS' claims against 
Tandberg would not be dispositive of TS' claims against the remaining defendants, 

46. TS is entitled to damages of at least a reasonable royalty for the use of TS's 
invention by defendants, including both cost savings and increased profits reaped by the 
defendants from their infringement as alleged herein. 

47. Defendants' actions complained of herein will continue unless defendants are 
enjoined by this Court. 

48. This case is exceptional pursuant to the provisions of 35 U.S.C. § 285. 

49. TS has complied with 35 U.S.C. § 287. 

50. Defendants' actions complained of herein are causing irreparable harm and 
monetary damage to TS and will continue to do so unless and until Defendants are enjoined and 
restrmned by the Court. 

PRAYER FOR RELIEF 

WHEREFORE, Plaintiff, Teleconference Systems, LLC, asks the Court to: 

A. Enter judgment for Plaintiff on this Complaint; 

B. Enjoin Defendants, their agents, officers, servants, employees, attorneys and all 
persons in active concert or participation with Defendants who receive notice of the 
order from further infringement of United States Patent No. 6,980,526; 
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C. Award Plaintiff damages resulting from Defendants' infringement in accordance with 
35 U.S.C § 284; 

D. Treble the damages in accordance with the provisions of 35 U.S.C. § 284; 
Find the case to be exceptional under the provisions of 35 U.S.C. § 285; 

F. Award Plaintiff reasonable attorney fees under 35 U.S.C. § 285; 

G. Order the impounding and destruction of all Defendants' apparatuses that infringe the 
'526 Patent; 

H. Award Plaintiff pre-judgment and post-judgment interest and costs; and 

I. Award Plaintiff such ftirther relief to which the Court finds Plaintiff entitled under 
law or equity. 

JURY DEMAND 

Plaintiff, Teleconference Systems, LLC, demands a trial by jury pursuant to Ruie 38 of 
the Federal Rules of Civil Procedure. 



Dated: March 29, 2010 ROBERT W. HICKS & ASSOCIATES 




Kennedi R. Wright 
Robert W. Hicks & Associates 
14510 Big Basin Way, Suite 151 
Saratoga, CA 95070 
Telephone:(619) 846-4333 
Facsimile: (408)624-9369 

Anthony G. Simon 
Timothy E. Grochocinski 
The Simon Law Firm, P.C. 
701 Market Street, Suite 1450 
Saint Louis, Missouri 63 1 0 1 
Telephone: (314)241-2929 
Facsimile: (314)241-2029 

Attorneys for Plaintiffs 
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